# From https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/variables.tf
################################################################################
# Existing cluster
################################################################################
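variable "use_existing_cluster" {
  # Master switch for the existing-cluster path: when true the module does not
  # create an EKS cluster and the four existing_cluster_* inputs below become
  # mandatory (enforced by their validation blocks).
  description = "Flag to use an existing cluster. If this is true, a new EKS cluster will not be created"
  type        = bool
  default     = false
}

variable "existing_cluster_node_role_arn" {
  description = "IAM node role ARN for an existing cluster. This will only be used when use_existing_cluster is true"
  type        = string
  default     = ""

  # Require an ARN shape (arn:<partition>:...), not merely a non-empty string,
  # so a bare role name is rejected at plan time instead of at apply time.
  validation {
    condition     = !var.use_existing_cluster || can(regex("^arn:", var.existing_cluster_node_role_arn))
    error_message = "existing_cluster_node_role_arn must be a non-empty IAM role ARN (arn:...) if use_existing_cluster is true."
  }
}

variable "existing_cluster_node_security_group_id" {
  description = "Node security group for an existing cluster. This will only be used when use_existing_cluster is true."
  type        = string
  default     = ""

  # Security group IDs always carry the sg- prefix.
  validation {
    condition     = !var.use_existing_cluster || can(regex("^sg-", var.existing_cluster_node_security_group_id))
    error_message = "existing_cluster_node_security_group_id must be a non-empty security group ID (sg-...) if use_existing_cluster is true."
  }
}

variable "existing_cluster_oidc_issuer_arn" {
  description = "OIDC issuer ARN for an existing cluster. This will only be used when use_existing_cluster is true."
  type        = string
  default     = ""

  validation {
    condition     = !var.use_existing_cluster || can(regex("^arn:", var.existing_cluster_oidc_issuer_arn))
    error_message = "existing_cluster_oidc_issuer_arn must be a non-empty OIDC provider ARN (arn:...) if use_existing_cluster is true."
  }
}

variable "existing_cluster_oidc_issuer_url" {
  description = "OIDC issuer URL for an existing cluster. This will only be used when use_existing_cluster is true."
  type        = string
  default     = ""

  # EKS OIDC issuer URLs are always https://; rejecting anything else catches a
  # pasted ARN or a bare hostname early.
  validation {
    condition     = !var.use_existing_cluster || can(regex("^https://", var.existing_cluster_oidc_issuer_url))
    error_message = "existing_cluster_oidc_issuer_url must be a non-empty https:// URL if use_existing_cluster is true."
  }
}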
################################################################################
# Cluster
################################################################################
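variable "cluster_name" {
  # Required input (no default). When use_existing_cluster is true it only
  # selects which cluster to look up.
  description = "Name of the EKS cluster. If use_existing_cluster is set to true, cluster_name will be used to fetch details only"
  type        = string

  # Mirror the EKS naming rule (1-100 characters, letters/digits/'-'/'_',
  # starting with a letter or digit) so an invalid name fails at plan time.
  validation {
    condition     = can(regex("^[0-9A-Za-z][A-Za-z0-9_-]{0,99}$", var.cluster_name))
    error_message = "cluster_name must be 1-100 characters, start with a letter or digit and contain only letters, digits, '-' and '_'."
  }
}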
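variable "cluster_iam_role_enabled" {
  # true  -> the module creates the cluster IAM role
  # false -> the caller supplies one via cluster_iam_role_arn
  description = "Enable/Disable creation of cluster IAM role."
  type        = bool
  default     = true
}

variable "cluster_iam_role_arn" {
  # The previous description stated the condition backwards; the validation
  # below shows the ARN is required (and therefore consumed) only when the
  # module is NOT creating the role.
  description = "IAM role ARN of the cluster. Only used when cluster_iam_role_enabled is false; when true the module creates the role."
  type        = string
  default     = ""

  validation {
    condition     = var.cluster_iam_role_enabled || can(regex("^arn:", var.cluster_iam_role_arn))
    error_message = "cluster_iam_role_arn must be a non-empty IAM role ARN (arn:...) if cluster_iam_role_enabled is false."
  }
}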
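variable "cluster_enabled_log_types" {
  description = "A list of the desired control plane logs to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html)"
  type        = list(string)
  # audit and authenticator are the streams needed to review who did what on
  # the control plane; api records the API server requests themselves.
  default     = ["audit", "api", "authenticator"]

  # Only the five EKS control-plane log types are accepted; a typo here would
  # otherwise surface as an API error at apply time.
  validation {
    condition     = alltrue([for t in var.cluster_enabled_log_types : contains(["api", "audit", "authenticator", "controllerManager", "scheduler"], t)])
    error_message = "cluster_enabled_log_types may only contain: api, audit, authenticator, controllerManager, scheduler."
  }
}

variable "enable_cluster_log" {
  # Global on/off for control-plane logging; cluster_enabled_log_types selects
  # which streams when this is true.
  description = "Enable cluster control plane logs"
  type        = bool
  default     = true
}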
# Extra security groups attached to the control-plane ENIs. These are created
# outside the module and referenced by ID.
variable "cluster_additional_security_group_ids" {
  type        = list(string)
  default     = []
  description = "List of additional, externally created security group IDs to attach to the cluster control plane"
}

# Subnets for the control-plane ENIs (and, unless overridden per node group,
# for the nodes).
variable "subnet_ids" {
  type        = list(string)
  default     = []
  description = "A list of subnet IDs where the EKS cluster (ENIs) will be provisioned along with the nodes/node groups. Node groups can be deployed within a different set of subnet IDs from within the node group configuration"
}
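variable "cluster_endpoint_private_access" {
  # Exposes the API server inside the VPC.
  description = "Indicates whether or not the Amazon EKS private API server endpoint is enabled"
  type        = bool
  default     = true
}

variable "cluster_endpoint_public_access" {
  # Exposes the API server on the internet, limited by
  # cluster_endpoint_public_access_cidrs.
  description = "Indicates whether or not the Amazon EKS public API server endpoint is enabled"
  type        = bool
  default     = true

  # EKS rejects a cluster with neither endpoint enabled; fail at plan time.
  validation {
    condition     = var.cluster_endpoint_public_access || var.cluster_endpoint_private_access
    error_message = "At least one of cluster_endpoint_public_access or cluster_endpoint_private_access must be true."
  }
}

variable "cluster_endpoint_public_access_cidrs" {
  # The default leaves the public endpoint reachable from any IPv4 address.
  # Authentication still applies, but restricting this to known egress ranges
  # is the standard hardening step whenever cluster_endpoint_public_access is
  # true. The default is kept for backward compatibility; override it.
  description = "List of CIDR blocks which can access the Amazon EKS public API server endpoint"
  type        = list(string)
  default     = ["0.0.0.0/0"]

  # Every entry must parse as a CIDR block; cidrhost() fails on anything else.
  validation {
    condition     = alltrue([for c in var.cluster_endpoint_public_access_cidrs : can(cidrhost(c, 0))])
    error_message = "Every entry in cluster_endpoint_public_access_cidrs must be a valid CIDR block, e.g. 203.0.113.0/24."
  }
}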
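variable "cluster_version" {
  description = "EKS cluster version"
  type        = string
  default     = "1.32"

  # EKS expects "<major>.<minor>" (for example 1.32), never a patch component.
  validation {
    condition     = can(regex("^[0-9]+\\.[0-9]+$", var.cluster_version))
    error_message = "cluster_version must be of the form <major>.<minor>, e.g. 1.32."
  }
}

variable "cluster_authentication_mode" {
  description = "value of the authentication mode for the EKS cluster"
  type        = string
  default     = "API_AND_CONFIG_MAP"

  # The three modes EKS supports. Switching from CONFIG_MAP to API is one-way
  # on the AWS side, so treat changes here as a migration.
  validation {
    condition     = contains(["CONFIG_MAP", "API", "API_AND_CONFIG_MAP"], var.cluster_authentication_mode)
    error_message = "cluster_authentication_mode must be one of CONFIG_MAP, API or API_AND_CONFIG_MAP."
  }
}

variable "enable_cluster_creator_admin_permissions" {
  # In the upstream module this grants the principal running `terraform apply`
  # cluster-admin via an access entry. Useful for bootstrap; consider turning
  # it off once dedicated entries exist in cluster_access_entries — confirm
  # against the consuming resource.
  description = "Enable admin permission for the user who created the cluster"
  type        = bool
  default     = true
}

variable "cluster_access_entries" {
  # Typed as `any`, so the structure is not checked at plan time; presumably it
  # follows the upstream module's access_entries shape — verify before relying
  # on it.
  description = "value of the access entries for the EKS cluster"
  type        = any
  default     = {}
}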
################################################################################
# CloudWatch Log Group
################################################################################
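variable "create_cloudwatch_log_group" {
  # When false and logging is enabled, AWS creates the group itself, outside
  # Terraform's control (and with its own retention).
  description = "Determines whether a log group is created by this module for the cluster logs. If not, AWS will automatically create one if logging is enabled"
  type        = bool
  default     = true
}

variable "cloudwatch_log_group_retention_in_days" {
  # Seven days is short for audit evidence; raise it where the logs are the
  # only copy of control-plane audit/authenticator events.
  description = "Number of days to retain log events. Default retention - 7 days"
  type        = number
  default     = 7

  # CloudWatch only accepts a fixed set of retention values (0 = never expire).
  validation {
    condition     = contains([0, 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653], var.cloudwatch_log_group_retention_in_days)
    error_message = "cloudwatch_log_group_retention_in_days must be one of the retention periods CloudWatch Logs supports (0, 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653)."
  }
}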
################################################################################
# Cluster Security Group
################################################################################
# VPC that hosts the control plane and the nodes. null means "not provided".
variable "vpc_id" {
  type        = string
  default     = null
  description = "ID of the VPC where the cluster and its nodes will be provisioned"
}

# Extra ingress/egress rules for the control-plane security group. Because the
# type is `any`, rule shape is only checked when the rules are applied.
variable "cluster_security_group_additional_rules" {
  type        = any
  default     = {}
  description = "List of additional security group rules to add to the cluster security group created. Set `source_node_security_group = true` inside rules to set the `node_security_group` as source"
}
################################################################################
# Node Security Group
################################################################################
# Extra rules for the node security group; `any` typed, so shape is only
# validated at apply time.
variable "node_security_group_additional_rules" {
  type        = any
  default     = {}
  description = "List of additional security group rules to add to the node security group created. Set `source_cluster_security_group = true` inside rules to set the `cluster_security_group` as source"
}

# Tags applied to the node security group.
variable "node_security_group_tags" {
  type        = any
  default     = {}
  description = "List of node security group tags"
}
################################################################################
# IRSA
################################################################################
# IAM Roles for Service Accounts: creates the cluster's OIDC provider in IAM.
variable "enable_irsa" {
  type        = bool
  default     = true
  description = "Determines whether to create an OpenID Connect Provider for EKS to enable IRSA"
}

# Additional audiences (client IDs) registered on that OIDC provider.
variable "openid_connect_audiences" {
  type        = list(string)
  default     = []
  description = "List of OpenID Connect audience client IDs to add to the IRSA provider"
}
################################################################################
# Cluster IAM Role
################################################################################
# Map of <key> => <policy ARN> attached to the cluster IAM role on top of the
# module's defaults.
variable "iam_role_additional_policies" {
  type        = map(string)
  default     = {}
  description = "Additional policies to be added to the IAM role"
}
################################################################################
# Self Managed Node Group
################################################################################
# Settings shared by every self-managed node group (unvalidated `any`).
variable "self_managed_node_group_defaults" {
  type        = any
  default     = {}
  description = "Self node group defaults"
}

# name => definition map of self-managed node groups to create.
variable "self_managed_node_groups" {
  type        = any
  default     = {}
  description = "Map of self-managed node group definitions to create"
}
################################################################################
# EKS Managed Node Group
################################################################################
# Settings shared by every EKS-managed node group (unvalidated `any`).
variable "eks_managed_node_group_defaults" {
  type        = any
  default     = {}
  description = "Managed node group defaults"
}

# name => definition map of EKS-managed node groups created in addition to the
# initial node pool configured below.
variable "additional_eks_managed_node_groups" {
  type        = any
  default     = {}
  description = "Map of additional EKS managed node group definitions to create"
}
################################################################################
# EKS Managed Initial Node Group
################################################################################
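variable "initial_node_pool_enabled" {
  description = "Create al2023 initial node pool for EKS managed node group"
  type        = bool
  default     = true
}

variable "initial_node_pool_ami_id" {
  # Empty string selects the public AMI for initial_node_pool_ami_type.
  description = "AMI ID for the initial node pool. Keep it empty string for using the public AMI"
  type        = string
  default     = ""

  # Either empty or a real AMI ID (ami- followed by hex digits).
  validation {
    condition     = var.initial_node_pool_ami_id == "" || can(regex("^ami-[0-9a-f]+$", var.initial_node_pool_ami_id))
    error_message = "initial_node_pool_ami_id must be empty or an AMI ID of the form ami-<hex>."
  }
}

variable "initial_node_pool_ami_type" {
  description = "AMI type for the initial node pool"
  type        = string
  default     = "AL2023_x86_64_STANDARD"
}

# NOTE: the variable name misspells "initial"; it is kept as-is because
# callers reference it by this name.
variable "inital_node_pool_capacity_type" {
  # SPOT by default: cheaper, but instances can be reclaimed with two minutes'
  # notice, so the pool must tolerate interruption.
  description = "capacity type for the initial node pool"
  type        = string
  default     = "SPOT"

  validation {
    condition     = contains(["ON_DEMAND", "SPOT"], var.inital_node_pool_capacity_type)
    error_message = "inital_node_pool_capacity_type must be ON_DEMAND or SPOT."
  }
}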
# true  -> the module creates the node IAM role
# false -> initial_node_pool_iam_role_arn must be supplied
variable "initial_node_pool_create_iam_role" {
  type        = bool
  default     = true
  description = "Create IAM role for the initial node pool"
}

# Free-text description stored on the created node role.
variable "initial_node_pool_iam_role_description" {
  type        = string
  default     = ""
  description = "Description for the IAM role of the initial node pool"
}

# Whether the module also creates an inline/managed policy for that role.
variable "initial_node_pool_create_iam_role_policy" {
  type        = bool
  default     = true
  description = "Create IAM role policy for the initial node pool"
}

# Caller-provided node role; only required when the module is not creating one.
variable "initial_node_pool_iam_role_arn" {
  type        = string
  default     = ""
  description = "IAM role ARN for the initial node pool"

  validation {
    error_message = "initial_node_pool_iam_role_arn must be non-empty if initial_node_pool_create_iam_role is false."
    condition     = var.initial_node_pool_iam_role_arn != "" || var.initial_node_pool_create_iam_role
  }
}
# Whether a launch template is created for the initial node pool.
variable "initial_node_pool_create_node_template" {
  type        = bool
  default     = true
  description = "Create node template for the initial node pool"
}

# Only relevant with a custom AMI (initial_node_pool_ami_id set): injects the
# bootstrap section into the generated user data.
variable "initial_node_pool_enable_bootstrap_user_data" {
  type        = bool
  default     = false
  description = "Enable bootstrap user data in the user_data template when using a custom AMI. Defaults to false"
}

# Free-text description stored on the launch template.
variable "initial_node_pool_launch_template_description" {
  type        = string
  default     = ""
  description = "Description for the initial node pool launch template"
}
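variable "initial_node_pool_volume_size" {
  description = "Volume size in GB for the initial node pool"
  type        = number
  default     = 100

  validation {
    condition     = var.initial_node_pool_volume_size > 0
    error_message = "initial_node_pool_volume_size must be a positive number of GB."
  }
}

variable "initial_node_pool_encryption_enabled" {
  # Encrypts the node root volume; leave on unless there is a documented
  # reason not to.
  description = "Enable encryption for inital node pool"
  type        = bool
  default     = true
}

variable "initial_node_pool_min_size" {
  description = "Minimum size for the initial node pool"
  type        = number
  default     = 2

  validation {
    condition     = var.initial_node_pool_min_size >= 0
    error_message = "initial_node_pool_min_size must be zero or greater."
  }
}

variable "initial_node_pool_max_size" {
  description = "Maximum size for the initial node pool"
  type        = number
  default     = 2

  # Cross-variable check; EKS rejects max < min at apply time, catch it earlier.
  validation {
    condition     = var.initial_node_pool_max_size >= var.initial_node_pool_min_size
    error_message = "initial_node_pool_max_size must be greater than or equal to initial_node_pool_min_size."
  }
}

variable "initial_node_pool_desired_size" {
  description = "Desired size for the initial node pool"
  type        = number
  default     = 2

  # desired must sit inside [min, max] for the scaling config to be accepted.
  validation {
    condition     = var.initial_node_pool_desired_size >= var.initial_node_pool_min_size && var.initial_node_pool_desired_size <= var.initial_node_pool_max_size
    error_message = "initial_node_pool_desired_size must be between initial_node_pool_min_size and initial_node_pool_max_size."
  }
}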
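variable "initial_node_pool_iam_role_attach_cni_policy" {
  # Attaches the VPC CNI policy to the node role. If the CNI runs with IRSA or
  # Pod Identity instead, this can be false to keep the node role narrower.
  description = "Attach CNI policy to IAM role for the initial node pool"
  type        = bool
  default     = true
}

variable "initial_node_pool_iam_role_tags" {
  description = "IAM role tags for the initial node pool"
  type        = map(string)
  default     = {}
}

variable "initial_node_pool_iam_role_additional_policies" {
  # <key> => <policy ARN>. The default grants SSM Session Manager access to the
  # nodes, which is what the Karpenter setup relies on.
  description = "Additional policies to be added to the IAM role for the initial node pool"
  type        = map(string)
  default = {
    # Required by Karpenter
    karpenter = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
  }

  # Every value must be a policy ARN; a policy name would fail at apply time.
  validation {
    condition     = alltrue([for p in values(var.initial_node_pool_iam_role_additional_policies) : can(regex("^arn:", p))])
    error_message = "Every value in initial_node_pool_iam_role_additional_policies must be an IAM policy ARN (arn:...)."
  }
}

variable "initial_node_pool_iam_role_use_name_prefix" {
  description = "Use name prefix for IAM role for the initial node pool"
  type        = bool
  default     = true
}

variable "initial_node_pool_instance_types" {
  # Several equivalent types are listed so SPOT capacity can be found in more
  # than one pool.
  description = "Instance types for the initial node pool"
  type        = list(string)
  default     = ["c7i.xlarge", "m7i.xlarge", "r7i.xlarge", "r6i.xlarge", "r6a.xlarge", "c6i.xlarge", "c6a.xlarge", "m6a.xlarge"]

  # An enabled pool with no instance types cannot be created.
  validation {
    condition     = !var.initial_node_pool_enabled || length(var.initial_node_pool_instance_types) > 0
    error_message = "initial_node_pool_instance_types must list at least one instance type when initial_node_pool_enabled is true."
  }
}

variable "initial_node_pool_launch_template_use_name_prefix" {
  description = "Use name prefix for launch template for the initial node pool"
  type        = bool
  default     = true
}

variable "initial_node_pool_metadata_options" {
  # An empty map defers to whatever the node-group module applies by default.
  # If IMDSv2 enforcement (http_tokens = "required") or the hop limit matters
  # for this deployment, set it here explicitly rather than relying on that
  # default — TODO confirm the consuming module's defaults.
  description = "Metadata options for the initial node pool"
  type        = map(string)
  default     = {}
}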
# Kubernetes labels stamped on nodes of the initial pool; the default marks
# them so workloads can select (or avoid) the bootstrap pool.
variable "initial_node_pool_labels" {
  type        = map(string)
  description = "Labels for the initial node pool"
  default = {
    "class.truefoundry.com" = "initial"
  }
}
##################################################################################
## Other variables
##################################################################################
# Tags applied to every resource this module creates.
variable "tags" {
  type        = map(string)
  default     = {}
  description = "A map of tags to add to all resources"
}
##################################################################################
## Karpenter Fargate profile
##################################################################################
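variable "karpenter_fargate_profile_enabled" {
  # Runs the Karpenter controller on Fargate so it does not depend on the node
  # pool it manages.
  description = "Enable Karpenter Fargate profile"
  type        = bool
  default     = false
}

variable "karpenter_fargate_profile_namespace" {
  description = "value of the namespace where Karpenter is installed"
  type        = string
  default     = "karpenter"

  # Kubernetes namespace names are DNS labels: lowercase alphanumerics and '-',
  # at most 63 characters, starting and ending with an alphanumeric.
  validation {
    condition     = can(regex("^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$", var.karpenter_fargate_profile_namespace))
    error_message = "karpenter_fargate_profile_namespace must be a valid Kubernetes namespace name (lowercase DNS label, max 63 characters)."
  }
}

variable "karpenter_fargate_profile_create_iam_role" {
  description = "Create IAM role for Karpenter Fargate profile"
  type        = bool
  default     = true
}

variable "karpenter_fargate_profile_attach_cni_policy" {
  # Attaches the VPC CNI policy to the Fargate pod execution role.
  description = "Attach CNI policy to IAM role for Karpenter Fargate profile"
  type        = bool
  default     = true
}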
##################################################################################
## EKS addons
##################################################################################
# variable "cluster_addons_coredns_enable" {
# description = "Enable the CoreDNS addon"
# type = bool
# default = true
# }
# Pinned CoreDNS addon version; bump deliberately alongside cluster_version.
variable "cluster_addons_coredns_version" {
  type        = string
  default     = "v1.11.4-eksbuild.2"
  description = "Version of the CoreDNS addon"
}

# Free-form (unvalidated) extra settings merged into the CoreDNS addon.
variable "cluster_addons_coredns_additional_configurations" {
  type        = any
  default     = {}
  description = "Additional configurations for the coredns addon"
}
# variable "cluster_addons_vpc_cni_enable" {
# description = "Enable the VPC CNI addon"
# type = bool
# default = true
# }
# Pinned VPC CNI addon version.
variable "cluster_addons_vpc_cni_version" {
  type        = string
  default     = "v1.19.2-eksbuild.5"
  description = "Version of the VPC CNI addon"
}

# Free-form (unvalidated) extra settings merged into the VPC CNI addon.
variable "cluster_addons_vpc_cni_additional_configurations" {
  type        = any
  default     = {}
  description = "Additional configurations for the VPC CNI addon"
}
# variable "cluster_addons_kube_proxy_enable" {
# description = "Enable the kube-proxy addon"
# type = bool
# default = true
# }
# Pinned kube-proxy addon version; its minor should track cluster_version.
variable "cluster_addons_kube_proxy_version" {
  type        = string
  default     = "v1.32.0-eksbuild.2"
  description = "Version of the kube-proxy addon"
}

# Free-form (unvalidated) extra settings merged into the kube-proxy addon.
variable "cluster_addons_kube_proxy_additional_configurations" {
  type        = any
  default     = {}
  description = "Additional configurations for the kube proxy addon"
}
# variable "cluster_addons_eks_pod_identity_agent_enable" {
# description = "Enable the EKS Pod Identity Agent addon"
# type = bool
# default = false
# }
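variable "cluster_addons_eks_pod_identity_agent_version" {
  # Pinned Pod Identity Agent addon version.
  description = "Version of the EKS Pod Identity Agent addon"
  type        = string
  default     = "v1.3.4-eksbuild.1"
}

variable "cluster_addons_eks_pod_identity_agent_additional_configurations" {
  # The description previously said "kube proxy addon" (copy-paste from the
  # block above); this variable belongs to the Pod Identity Agent addon.
  description = "Additional configurations for the EKS Pod Identity Agent addon"
  type        = any
  default     = {}
}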
# Usage-tracking tag for EKS Blueprints telemetry. The default opts in; per the
# description, set it to null to opt out.
variable "cluster_addons_observability_tag" {
  type        = string
  default     = "qs-1ubotj5kl"
  description = "Tag to identify EKS Blueprints usage within observability tools. Keep this value to null to disable telemetry"
}